
What is claimed is: 

^Vy^ A method of securely downloading and installing patch data in a plurality of 
computing devices, each computing device having a processor, program memory and patch 
memory, said method comprising the steps of: 
5 transmitting said patch data to said computing devices over a nonsecure channel in an 

encrypted manner utilizing a first key; / 
receiving first encrypted patch data at a computing device and decrypting said first 

encrypted patch data utilizing said first key so as to generate clear patch data; 
verifying the integrity of the contents of said clear patch data; and if said verification 
10 passes, 

encrypting said clear patch data using a second key and storing the resultant second 

encrypted patch data in a data memory; 
retrieving said second encrypted patch data firom said data memory and decrypting 
said second encrypted patch data using said second key so as to generate clear 
15 patch data; and 

loading said clear patch data into said patch memory and executing the contents 
thereof. 

2. The method according to claim 1, wherein said patch data is received from a satellite 
adapted to forward said patch data transmitted firom a central data center. 

20 3. The method according to claim 1, wherein said patch data is received from a terrestrial 
repeater station adapted to forward said patch data transmitted from a central data center. 

4. The method according to claim 1, wherein said nonsecure channel comprises a 
satellite downlink. 

5. The method according to claim 1, wherein said nonsecure channel comprises a 
25 terrestrial wireless link. 

6. The method according to claim 1, wherein said computing device comprises the data 
processor portion of a radio receiver adapted to receive a signal transmitted from a satellite 
downlink. 
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7. The method according to claim 1, wherein said computing device comprises the data 
processor portion of a radio receiver adapted to receive a signal transmitted from a terrestrial 
repeater station. 

8. The method according to claim 1, wherein said first key is known to all computing 
5 devices in said system. 

9. The method according to claim 1, wherein said first key is known to a portion of 
computing devices in said system. 

10. The method according to claim 1, wherein each individual computing device 
comprises a unique said second key not normally known to other computing devices. 

10 11. The method according to claim 1, wherein said second encrypted patch data is stored 
in random access memory (RAM) integral to said device. 

12. The method according to claim 1, wherein said second encrypted patch data is stored 
in random access memory (RAM) located in a host device in communication with said 
computing device. 

15 13. The method according to claim 1, wherein said second encrypted patch data is stored 
in nonvolatile memory (NVM) integral to said device. 

14. The method according to claim 1, wherein said second encrypted patch data is stored 
in nonvolatile memory (NVM) located in a host device in communication with said 
computing device. 

20 15. The method according to claim 1, further comprising the step of deleting said patch 
information from said device in the event said verification fails. 

16. The method according to claim 1, further comprising the step of deleting said patch 
information from said device and subsequently rebooting said device in the event said 
verification fails. 

25 17. The method according to claim 1, wherein said first key is hardwired within said 
computing device. 
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18. The method according to claim 1, wherein said second key is hardwired within said 
computing device. 

19. The method according to claim 1, wherein said second key is stored in nonvolatile 
memory external to said computing device. 

5 20. The method according to claim 1, wherein said second key is derived from a unique 
ID burnt into said computing device. 

Apparatus for securely downloading and installing patch data in a plurality of 
computing devices, said patch data transmitted over an nonsecure channel in an encrypted 
manner using a first key, comprising: 
10 patch memory adapted to store said patch data; 

data memory; 

a processor; 

software means operative on said processor for: 

receiving a first encrypted patch data transmitted to said computing devices 
15 and decrypting said first encrypted patch data utilizing said first key so 

as to generate clear patch data; 
verifying the integrity of the contents of said clear patch data; and if said 
verification passes, 

encrypting said clear patch data using a second key and storing the resultant 
20 second encrypted patch data in said data memory; 

retrieving said second encrypted patch data from said data memory and 
decrypting said second encrypted patch data using said second key so 
as to generate clear patch data; and 
loading said clear patch data into said patch memory and executing the 
25 contents thereof. 

22. The apparatus according to claim 21, wherein said patch data is received from a 
satellite adapted to forward said patch data transmitted from a central data center. 

23. The apparatus according to claim 21, wherein said patch data is received from a 
terrestrial repeater station adapted to forward said patch data transmitted from a central data 

30 center. 
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24. The apparatus according to claim 21, wherein said nonsecure channel comprises a 
satellite downlink. 

25. The apparatus according to claim 21, wherein said nonsecure channel comprises a 
terrestrial wireless link. 

5 26. The apparatus according to claim 21, wherein said computing device comprises the 
data processor portion of a radio receiver adapted to receive a signal transmitted from a 
satellite downlink. 

27. The apparatus according to claim 21, wherein said computing device comprises the 
data processor portion of a radio receiver adapted to receive a signal transmitted from a 

1 0 terrestrial repeater station. 

28. The apparatus according to claim 21, wherein said first key is known to all computing 
devices in said system. 

29. The apparatus according to claim 21, wherein said first key is known to a portion of 
computing devices in said system. 

15 30. The apparatus according to claim 21, wherein each individual computing device 
comprises a unique second key not normally known by other computing devices. 

31. The apparatus according to claim 21, wherein said data memory comprises random 
access memory (RAM) integral to said computing device. 

32. The apparatus according to claim 21, wherein said data memory comprises random 
20 access memory (RAM) located in a host device in communication with said computing 



33. The apparatus according to claim 21, wherein data memory comprises nonvolatile 
memory (NVM) integral to said device. 

34. The apparatus according to claim 21, wherein said data memory comprises 
25 nonvolatile memory (NVM) located in a host device in communication with said computing 



device. 



device. 
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35. The apparatus according to claim 21, wherein said software means is operative to 
delete said patch information from said device in the event said verification fails. 

36. The apparatus according to claim 21, wherein said software means is operative to 
delete said patch information from said device and subsequently reboot said computing 

5 device in the event said verification fails. 

37. The apparatus according to claim 21, wherein said first key is hardwired within said 
computing device. 

38. The apparatus according to claim 21, wherein said second key is hardwired within 
said computing device. 

10 39. The apparatus according to claim 21, wherein said second key is stored in nonvolatile 
memory extemal to said computing device. 

40. The apparatus according to claim 21, wherein said second key is derived from a 
imique ED unique among all computing devices and permanently bumt into said computing 
device. 

15 ^41^^^^^^ system for downloading and installing patch data on a plurality of communication 
platforms, comprising: 

transmission means for transmitting said patch data over a nonsecure link to said 
plurality of communication platforms wherein said patch data is transmitted 
encrypted utilizing a first key; 
20 receiving means in each communications platform adapted to receive said patch data 

over said link; 

a data processor adapted to receive said encrypted patch data from said receiving 
means; 

a host device adapted to communicate with said data processor; and 
25 said data processor comprising: 

patch memory adapted to store said patch data; 
data memory; 
processing means; 

software means operative on said data processor for: 
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receiving a first encrypted patch data transmitted at a computing device 
and decrypting said first encrypted patch data utilizing said first 
key so as to generate clear patch data; 



5 



verifying the integrity of the contents of said clear patch data; and if 
said verification passes. 



encrypting said clear patch data using a second key and storing the 
resultant second encrypted patch data in said data memory; 



10 



retrieving said second encrypted patch data ft-om said data memory and 
decrypting said second encrypted patch data using said second 
key so as to generate clear patch data; and 



loading said clear patch data into said patch memory and executing the 



contents thereof. 



42. The system according to claim 41, wherein said transmission means comprises means 
for transmitting said patch data fi-om a central data center via a satellite to said plurality of 

15 communication platforms. 

43. The system according to claim 41, wherein said transmission means comprises means 
for transmitting said patch data fi-om a central data center via a terrestrial repeater station to 
said plurality of communication platforms. 

44. The system according to claim 41, wherein said nonsecure link comprises a satellite 
20 downlink. 

45. The system according to claim 41, wherein said nonsecure link comprises a terrestrial 
wireless link. 

46. The system according to claim 41, wherein said commvmications platform comprises a 
portable or fixed radio operative to receive, demodulate and decode a signal broadcast via 

25 satellite. 

47. The system according to claim 41, wherein said communications platform comprises a 
portable or fixed radio operative to receive, demodulate and decode a signal broadcast via a 
terrestrial repeater station. 
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48. The system according to claim 41, wherein said first key is known to all 
communications platforms in said system. 

49. The system according to claim 41, wherein said first key is known to a portion of 
communications platforms in said system. 

5 50. The system according to claim 41, wherein each individual communications platform 
comprises a unique second key not normally known by other communications platforms. 

51. The system according to claim 41, wherein said data memory comprises random 
access memory (RAM) integral to said data processor. 

52. The system according to claim 41, wherein said data memory comprises random 
10 access memory (RAM) coupled to said host device. 

53. The system according to claim 41, wherein data memory comprises nonvolatile 
memory (NVM) integral to said data processor. 

54. The system according to claim 41, wherein said data memory comprises nonvolatile 
memory (NVM) coupled to said host device. 

15 55. The system according to claim 41, wherein said software means is operative to delete 
said patch information from said communication platform in the event said verification fails. 

56. The system according to claim 41, wherein said software means is operative to delete 
said patch information from said communication platform and subsequently reboot said 
communication platform in the event said verification fails. 

20 57. The system according to claim 41, wherein said first key is hardwired within said data 
processor. 

58. The system according to claim 41, wherein said second key is hardwired within said 
data processor. 

59. The system according to claim 41, wherein said second key is stored in nonvolatile 
25 memory external to said data processor. 
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60. The system according to claim 41, wherein said second key is derived from an ID 
unique among all communication platforms and permanently burnt into said data processor. 
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